Tuesday, June 20, 2006
Numerous federal and local law enforcement agencies have bypassed subpoenas and warrants designed to protect civil liberties and gathered Americans' personal telephone records from private-sector data brokers.
These brokers, many of whom advertise aggressively on the Internet, have gotten into customer accounts online, tricked phone companies into revealing information and even acknowledged that their practices violate laws, according to documents gathered by congressional investigators and provided to The Associated Press.
The law enforcement agencies include offices in the Homeland Security Department and Justice Department — including the FBI and U.S. Marshal's Service — and municipal police departments in California, Colorado, Florida, Georgia and Utah. Experts believe hundreds of other departments frequently use such services.
"We are requesting any and all information you have regarding the above cell phone account and the account holder ... including account activity and the account holder's address," Ana Bueno, a police investigator in Redwood City, Calif., wrote in October to PDJ Investigations of Granbury, Texas.
An agent in Denver for U.S. Immigration and Customs Enforcement, Anna Wells, sent a similar request on March 31 on Homeland Security stationery: "I am looking for all available subscriber information for the following phone number," Wells wrote to a corporate alias used by PDJ.
Congressional investigators estimated the U.S. government spent $30 million last year buying personal data from private brokers. But that number likely understates the breadth of transactions, since brokers said they rarely charge law enforcement agencies any price.
PDJ said it always provided help to police for free. "Agencies from all across the country took advantage of it," said PDJ's lawyer, Larry Slade of Los Angeles.
A lawmaker who has investigated the industry said Monday he was concerned by the practices of data brokers.
"We know law enforcement has used this because it is easily obtained and you can gather a lot of information very quickly," said Rep. Ed Whitfield, R-Ky., head of the House Energy and Commerce investigations subcommittee. The panel expects to conduct hearings this week.
Whitfield said data companies will relentlessly pursue a target's personal information. "They will impersonate and use everything available that they have to convince the person who has the information to share it with them, and it's shocking how successful they are," Whitfield said. "They can basically obtain any information about anybody on any subject."
The congressman said laws on the subject are vague: "There's a good chance there are some laws being broken, but it's not really clear precisely which laws."
James Bearden, a Texas lawyer who represents four such data brokers, compared the companies' activities to the National Security Agency, which reportedly compiles the phone records of ordinary Americans.
"The government is doing exactly what these people are accused of doing," Bearden said. "These people are being demonized. These are people who are partners with law enforcement on a regular basis."
The police agencies told AP they used the data brokers because it was quicker and easier than subpoenas, and their lawyers believe their actions were lawful. Some agencies, such as Immigrations and Customs Enforcement, instructed agents to stop the practice after congressional inquiries.
The U.S. Marshal's Service told AP it was examining its policies but compared services offered by data brokers to Web sites providing public telephone numbers nationally.
None of the police agencies interviewed by AP said they researched these data brokers to determine how they secretly gather sensitive information like names associated with unlisted numbers, records of phone calls, e-mail aliases — even tracing a person's location using their cellular phone signal.
"If it's on the Internet and it's been commended to us, we wouldn't do a full-scale investigation," Marshal's Service spokesman David Turner said. "We don't knowingly go into any source that would be illegal. We were not aware, I'm fairly certain, what technique was used by these subscriber services."
At Immigration and Customs Enforcement, spokesman Dean Boyd said agents did not pay for phone records and sought approval from U.S. prosecutors before making requests. Their goal was "to more quickly identify and filter out phone numbers that were unrelated to their investigations," Boyd said.
Targets of the police interest include alleged marijuana smugglers, car thieves, armed thugs and others. The data services also are enormously popular among banks and other lenders, private detectives and suspicious spouses. Customers included:
_A U.S. Labor Department employee who used her government e-mail address and phone number to buy two months of personal cellular phone records of a woman in New Jersey.
_A buyer who received credit card information about the father of murder victim Jon Benet Ramsey.
_A buyer who obtained 20 printed pages of phone calls by pro basketball player Damon Jones of the Cleveland Cavaliers.
The athlete was "shocked to learn somebody had obtained this information," said Mark Termini, his lawyer and agent in Cleveland. "When a person or agency is able to obtain by fraudulent means a person's personal information, that is something that should be prohibited by law."
PDJ's lawyer said no one at the company violated laws, but he acknowledged, "I'm not sure that every law enforcement agency in the country would agree with that analysis."
Many of the executives summoned to testify before Congress this week were expected to invoke their Fifth Amendment rights against self-incrimination and to decline to answer questions.
Slade said no one at PDJ impersonated customers to steal personal information, a practice known within the industry as pretexting.
"This was farmed out to private investigators," Slade said. "They had written agreements with their vendors, making sure the vendors were acquiring the information in legal ways."
Privacy advocates bristled over data brokers gathering records for police without subpoenas.
"This is pernicious, an end run around the Fourth Amendment," said Marc Rotenberg, head of the Washington-based Electronic Privacy Information Center, a leading privacy group that has sought tougher federal regulation of data brokers. "The government is encouraging unlawful conduct; it's not smart on the law enforcement side to be making use of information obtained improperly."
A federal agent who ordered phone records without subpoenas about a half-dozen times recently said he learned about the service from FBI investigators and was told this was a method to obtain phone subscriber information quicker than with a subpoena.
The agent, who spoke only on condition of anonymity because he is not authorized to speak with reporters, said he and colleagues use data brokers "when he have the need to act fairly quickly" because getting a subpoena can involve lengthy waits.
Waiting for a phone company's response to a subpoena can take several days or up to 45 days, said police supervisor Eric Stasiak of Redwood City, Calif. In some cases, a request to a data broker yields answers in just a few hours, Stasiak said.
Legal experts said law enforcement agencies would be permitted to use illegally obtained information from private parties without violating the Fourth Amendment's protection against unlawful search and seizure, as long as police did not encourage any crimes to be committed.
"If law enforcement is encouraging people in the private sector to commit a crime in getting these records that would be problematic," said Mark Levin, a former top Justice Department official under President Reagan. "If, on the other hand, they are asking data brokers if they have any public information on any given phone numbers that should be fine."
Levin said he nonetheless would have advised federal agents to use the practice only when it was a matter of urgency or national security and otherwise to stick to a legally bulletproof method like subpoenas for everyday cases.
Congress subpoenaed thousands of documents from data brokers describing how they collected telephone records by impersonating customers.
"I was shot down four times," Michele Yontef complained in an e-mail in July 2005 to a colleague. "I keep getting northwestern call center and they just must have had an operator meeting about pretext as every operator is clued in."
Yontef, who relayed another request for phone call records as early as February, was among those ordered to appear at this week's hearing.
Another company years ago even acknowledged breaking the law.
"We must break various rules of law in acquiring all the information we achieve for you," Touch Tone Information Inc. of Denver wrote to a law firm in 1998 that was seeking records of calls made on a calling card.
The FBI's top lawyers told agents as early as 2001 they can gather private information about Americans from data brokers, even information gleaned from mortgage applications and credit reports, which normally would be off-limits to the government under the U.S. Fair Credit Reporting Act.
FBI lawyers rationalized that even though data brokers may have obtained financial information, agents could still use the information because brokers were not acting as a consumer-reporting agency but rather as a data warehouse.
The FBI said it relies only on well-respected data brokers and expects agents to abide by the law. "The FBI can only collect and retain data available from commercial databases in strict compliance with applicable federal law," spokesman Mike Kortan said Monday.